Commit graph

6567 commits

Author SHA1 Message Date
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
BrianX7c
5c7ab6fe86
[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT)
Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio

Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>
2023-11-18 11:07:37 +01:00
Paul Elliott
9e25936241 Rename mutex->is_valid to mutex->state
Rename struct member to make it more representative of its current use.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:14:16 +00:00
Paul Elliott
3774637518 Make threading helpers tests thread safe
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:49 +00:00
Paul Elliott
5fa986c8cb Move handling of mutex->is_valid into threading_helpers.c
This is now a field only used for testing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:05 +00:00
Valerio Setti
9b7a8b2a0c ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 11:48:00 +01:00
Valerio Setti
8db46e4ee1 check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C
CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C
or BLOCK_CIPHER_C and the latter is auto-enabled in case the former
is not enabled. As a consequence there is no need to enforce the
dependency on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:58:27 +01:00
Valerio Setti
dbfd6a9f62 adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-16 10:56:00 +01:00
Yanray Wang
4ed8691f6d ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher
[G2] Add internal module block_cipher
2023-11-15 11:53:22 +00:00
Manuel Pégourié-Gonnard
9e80a91f27
Merge pull request #8164 from yanrayw/adjust_tfm_configs
Adjust how we handle TF-M config files
2023-11-15 08:21:27 +00:00
Valerio Setti
a56eb46ce6 adjust_legacy_from_psa: fix comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:18:14 +01:00
Valerio Setti
c2d68f5611 adjust_legacy_from_psa: treat CCM and CCM* separately
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:16:37 +01:00
Valerio Setti
cab5eff98c adjust_config_synonyms: make CCM and CCM* indipendent
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-15 09:16:37 +01:00
Jerry Yu
fedaeb21b3 improve document
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-15 13:59:07 +08:00
Jerry Yu
6c485dad44 improve document
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-15 10:18:47 +08:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Tom Cosgrove
08ea9bfa1f
Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data
TLS 1.3: Rename early_data and max_early_data_size configuration function
2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard
5f3361c0c6 Temporary hack to pacify check_names.py
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 12:24:11 +01:00
Manuel Pégourié-Gonnard
21718769d1 Start adding internal module block_cipher.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:21:17 +01:00
Valerio Setti
01c4fa3e88 ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Yanray Wang
111159b89c BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Dave Rodgman
9eb2abd1e0 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:17 +00:00
Dave Rodgman
28d40930ae Restore bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Yanray Wang
d137da5a93 check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:17:44 +08:00
Yanray Wang
30769696e7 Merge remote-tracking branch 'origin/development' into adjust_tfm_configs 2023-11-08 10:00:24 +08:00
Matthias Schulz
c55b500343 Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 16:47:37 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Yanray Wang
0d76b6ef76 Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Yanray Wang
956aa00202 check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Yanray Wang
b799eea123 check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-02 12:38:01 +08:00
Yanray Wang
e367e47be0 mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
With the introduction of negative option
MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable
it through PSA.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-02 12:36:41 +08:00
Dave Rodgman
b351d60e99 Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-01 13:20:53 +00:00
Yanray Wang
b67b47425e Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-31 17:22:06 +08:00
Yanray Wang
5779096753 Merge remote-tracking branch 'origin/development' into adjust_tfm_configs 2023-10-31 13:39:07 +08:00
Valerio Setti
d531dab4f6 check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO
TLS code already implements proper dispatching to either
builtin or PSA implementations based on USE_PSA guards, so we can
improve the check_config guards to reflect this.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
c5d9dd262b adjust_psa_from_legacy: enable ALG_STREAM_CIPHER on when CIPHER_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Valerio Setti
c1d50b6314 check_config: fix dependency of PSA_CRYPTO_C on CIPHER_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
Dave Rodgman
6e51abf11d Merge remote-tracking branch 'origin/development' into msft-aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:17:11 +01:00
Dave Rodgman
48b965d941 Update clang version requirements
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
4b8e8dc043 Improve compiler version checking + docs + testing for armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
18838f6c1a Fix docs for MBEDTLS_AESCE_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 09:06:24 +01:00
Dave Rodgman
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2
Support SHA256 acceleration on Armv8 thumb2 and arm
2023-10-24 21:23:15 +00:00
Dave Rodgman
514590210b Merge remote-tracking branch 'origin/development' into sha-armce-thumb2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-23 15:35:07 +01:00
Valerio Setti
bd24d95c27 legacy_from_psa: fix support for PSA_ACCEL_ALG_[STREAM_CIPHER/ECB_NO_PADDING]
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-23 15:01:52 +02:00
Matthias Schulz
edc32eaf1a Uncrustified
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-10-19 16:09:08 +02:00
Yanray Wang
08e9423f14 Merge remote-tracking branch 'origin/development' into adjust_tfm_configs 2023-10-19 17:44:47 +08:00
Yanray Wang
893623fb28 PBKDF2-AES-CMAC: remove not needed preprocessor directive
PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or
KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA,
we don't need to additionally enable builtin AES-CMAC or builtin
KEY-TYPE-AES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-19 16:13:34 +08:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257
Improve location of MD_CAN macros
2023-10-18 14:31:28 +00:00
Matthias Schulz
ab4082290e Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-10-18 13:20:59 +02:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064
Change accel_aead component to full config
2023-10-18 07:15:59 +00:00
Valerio Setti
2f00b7a5da cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard
6d42921633 Require at least on curve for ECP_LIGHT
ECP_LIGHT is not usable without any curve, just the same as ECP_C.

We forgot to update this check when introducing the ECP_LIGHT subset.

Note: the message doesn't mention ECP_LIGHT as that's not a public
config knob, hence the message with "ECP_C or a subset" (that's how it's
referred to in user-facing documentation such as
docs/driver-only-builds.md).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-17 10:01:33 +02:00
Valerio Setti
9fc1f24331 md: restore md.h includes in source files directly using its elements
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 14:39:38 +02:00
Yanray Wang
aa01ee303a Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-10-16 17:38:32 +08:00
Valerio Setti
596ef6c0b1 cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 11:26:08 +02:00
Dave Rodgman
3e52184923 Make macro definition more consistent with similar defns
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-16 09:25:59 +01:00
Dave Rodgman
0a48717b83 Simplify Windows-on-Arm macros
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-16 09:25:59 +01:00
Valerio Setti
5f5573fa90 cipher: reintroduce symbol for legacy AEAD support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-13 17:29:27 +02:00
Dave Rodgman
7821df3e8b Adjust use of deprecated in Doxygen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 09:39:11 +01:00
Dave Rodgman
d85277c62e Doxygen fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 09:22:54 +01:00
Valerio Setti
193e383686 check_config: fix typo causing build issues with only CCM enabled
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-13 09:37:24 +02:00
Valerio Setti
db1ca8fc33 cipher: keep MBEDTLS_CIPHER_HAVE symbols private
This commit also improve the usage of these new symbols in
cipher_wrap code

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:54 +02:00
Valerio Setti
e570704f1f ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:37 +02:00
Jerry Yu
7a799ccacd Share early_data_status between server and client
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Jerry Yu
02e3a074a3 Add max_early_data_size into ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:00:26 +08:00
Bence Szépkúti
9b0c8164eb
Merge pull request #8330 from KloolK/extern-c
Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled
2023-10-11 16:19:39 +00:00
Dave Rodgman
b0d9830373
Merge branch 'development' into sha-armce-thumb2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 13:53:41 +01:00
Valerio Setti
02a634decd md: remove unnecessary inclusions of mbedtls/md.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:58 +02:00
Valerio Setti
6bd3d9b166 cipher: fix missing spaces
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Valerio Setti
d0411defa2 cipher: add internal symbols for AEAD capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Valerio Setti
e7bac17b5d test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Dave Rodgman
be7915aa6c Revert renaming of SHA512 options
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 10:59:05 +01:00
Bence Szépkúti
cffd7135c6
Merge pull request #8328 from yanrayw/sha256_context_guard
sha256_context: guard is224 by MBEDTLS_SHA224_C
2023-10-11 09:13:33 +00:00
Ronald Cron
a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name
Adapt to new PSA Crypto repo name
2023-10-11 06:45:30 +00:00
Dave Rodgman
5b89c55bb8 Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:57 +01:00
Dave Rodgman
fe9fda81aa Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:56 +01:00
Dave Rodgman
f097bef6ea Refer to Armv8-A (not Armv8) in docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:30 +01:00
Dave Rodgman
c5861d5bf2 Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 14:01:54 +01:00
Dave Rodgman
6ab314f71d More config option renaming
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 14:00:17 +01:00
Dave Rodgman
94a634db96 Rename A64 config options
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 12:59:29 +01:00
Ronald Cron
7871cb14a7 Include psa/build_info.h instead of mbedtls/build_info.h
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-10 09:35:22 +02:00
Jan Bruckner
946720aac5 Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-10-09 16:53:41 +02:00
Yanray Wang
29db8b061d sha256.h: add guard for is224 in sha256 context
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-09 18:09:47 +08:00
Ronald Cron
070e8652d5 Adapt to new PSA Crypto repo name
Patterns I looked for:
grep -i "psa-crypto"
grep -i "psa.*crypto.*repo"
grep -i "psa.*crypto.*root"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-09 10:26:18 +02:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Valerio Setti
85d2a98549 md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 16:04:49 +02:00
Dave Rodgman
7ed619d3fa Enable run-time detection for Thumb and Arm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 09:39:56 +01:00
Dave Rodgman
bfe6021e85 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 08:31:22 +01:00
Dave Rodgman
ca92f50e12 Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 08:24:55 +01:00
Dave Rodgman
8690859097 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 17:40:25 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Dave Rodgman
cc5bf4946f Make SHA256 depend on Armv8, not aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:56 +01:00
Dave Rodgman
5ed7b2dec2 Introduce MBEDTLS_ARCH_IS_ARMV8
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:31 +01:00